diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:30:35 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-07 14:30:35 +0000 |
commit | 378c18e5f024ac5a8aef4cb40d7c9aa9633d144c (patch) | |
tree | 44dfb6ca500d32cabd450649b322a42e70a30683 /lib/selinux-utils.c | |
parent | Initial commit. (diff) | |
download | util-linux-upstream.tar.xz util-linux-upstream.zip |
Adding upstream version 2.38.1.upstream/2.38.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/selinux-utils.c')
-rw-r--r-- | lib/selinux-utils.c | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/lib/selinux-utils.c b/lib/selinux-utils.c new file mode 100644 index 0000000..c0df891 --- /dev/null +++ b/lib/selinux-utils.c @@ -0,0 +1,85 @@ +/* + * No copyright is claimed. This code is in the public domain; do with + * it what you wish. + * + * Written by Karel Zak <kzak@redhat.com> [January 2021] + */ +#include <selinux/context.h> +#include <selinux/selinux.h> +#include <selinux/label.h> +#include <stdio.h> +#include <string.h> +#include <sys/types.h> +#include <errno.h> + +#include "selinux-utils.h" + +/* set the SELinux security context used for _creating_ a new file system object + * + * returns 0 on success, + * or <0 on error + */ +int ul_setfscreatecon_from_file(char *orig_file) +{ + if (is_selinux_enabled() > 0) { + char *scontext = NULL; + + if (getfilecon(orig_file, &scontext) < 0) + return -1; + if (setfscreatecon(scontext) < 0) { + freecon(scontext); + return -1; + } + freecon(scontext); + } + return 0; +} + +/* returns 1 if user has access to @class and @perm ("passwd", "chfn") + * or 0 on error, + * or 0 if has no access -- in this case sets @user_cxt to user-context + */ +int ul_selinux_has_access(const char *classstr, const char *perm, char **user_cxt) +{ + char *user; + int rc; + + if (user_cxt) + *user_cxt = NULL; + + if (getprevcon(&user) != 0) + return 0; + + rc = selinux_check_access(user, user, classstr, perm, NULL); + if (rc != 0 && user_cxt) + *user_cxt = user; + else + freecon(user); + + return rc == 0 ? 1 : 0; +} + +/* Gets the default context for @path and @st_mode. + * + * returns 0 on success, + * or <0 on error + */ +int ul_selinux_get_default_context(const char *path, int st_mode, char **cxt) +{ + struct selabel_handle *hnd; + struct selinux_opt options[SELABEL_NOPT] = {}; + int rc = 0; + + *cxt = NULL; + + hnd = selabel_open(SELABEL_CTX_FILE, options, SELABEL_NOPT); + if (!hnd) + return -errno; + + if (selabel_lookup(hnd, cxt, path, st_mode) != 0) + rc = -errno + ; + selabel_close(hnd); + + return rc; +} |